IBM Security QRadar


Rebuild QRadar 7.2.8 to 7.3.1 with AppNode

  • 1.  Rebuild QRadar 7.2.8 to 7.3.1 with AppNode

    Posted Wed April 17, 2019 03:44 AM
    We recently set up a new QRadar infra, so we want to rebuild our old QRadar 7.2.8 to the new version 7.3.1 with the modifications below.
    Current:
    Appliance 3105 - Console
    Appliance 1605 - EP+EC

    Changes needed in the new setup:
    3105 - Console + EP+EC
    1605 - AppNode

    So basically we want to convert our existing EC (1605) to an AppNode and add all components in a single appliance, the 3105. What is the best approach to achieve this requirement?

    ------------------------------
    Dastagirsab Mulla
    ------------------------------


  • 2.  RE: Rebuild QRadar 7.2.8 to 7.3.1 with AppNode

    Posted Mon April 22, 2019 02:03 PM
    Dastagirsab,

    I would suggest using 7.3.2 for this, as AppHost seems to be easier to manage than the previous AppNode, and since you do not have an AppNode you need to migrate, I'd say go straight to 7.3.2 for this work.

    So your 3105 should already have those components, since, and anyone correct me if I'm wrong, but 31xx device types are technically All-In-One regardless of whether they have attached managed hosts, so you can still send events and have them parsed.

    So your 16xx, you will simply re-image it to become a 4000 appliance for AppHost.  If you proceed with 7.3.1 and want this to be an AppNode, I think you'd just have to re-image it and set it up with CentOS or RHEL and follow the guidelines to make it an AppNode.

    ------------------------------
    Ira Shackelford
    ------------------------------